<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
|
<HTML><HEAD><TITLE>Man page of IP</TITLE>
|
|
</HEAD><BODY>
|
|
<H1>IP</H1>
|
|
Section: Linux Programmer's Manual (7)<BR>Updated: 2019-03-06<BR><A HREF="#index">Index</A>
|
|
<HR>
|
|
|
|
<A NAME="lbAB"> </A>
|
|
<H2>NAME</H2>
|
|
|
|
ip - Linux IPv4 protocol implementation
|
|
<A NAME="lbAC"> </A>
|
|
<H2>SYNOPSIS</H2>
|
|
|
|
<B>#include &lt;<A HREF="file:///usr/include/sys/socket.h">sys/socket.h</A>&gt;</B>
<BR>
<B>#include &lt;<A HREF="file:///usr/include/netinet/in.h">netinet/in.h</A>&gt;</B>
<BR>
<B>#include &lt;<A HREF="file:///usr/include/netinet/ip.h">netinet/ip.h</A>&gt; </B>/* superset of previous */
|
|
|
|
<P>
|
|
|
|
<I>tcp_socket</I><B> = socket(AF_INET, SOCK_STREAM, 0);</B>
|
|
|
|
<BR>
|
|
|
|
<I>udp_socket</I><B> = socket(AF_INET, SOCK_DGRAM, 0);</B>
|
|
|
|
<BR>
|
|
|
|
<I>raw_socket</I><B> = socket(AF_INET, SOCK_RAW, </B><I>protocol</I><B>);</B>
|
|
|
|
<A NAME="lbAD"> </A>
|
|
<H2>DESCRIPTION</H2>
|
|
|
|
Linux implements the Internet Protocol, version 4,
|
|
described in RFC 791 and RFC 1122.
|
|
<B>ip</B>
|
|
|
|
contains a level 2 multicasting implementation conforming to RFC 1112.
|
|
It also contains an IP router including a packet filter.
|
|
<P>
|
|
|
|
The programming interface is BSD-sockets compatible.
|
|
For more information on sockets, see
|
|
<B><A HREF="/cgi-bin/man/man2html?7+socket">socket</A></B>(7).
|
|
|
|
<P>
|
|
|
|
An IP socket is created using
|
|
<B><A HREF="/cgi-bin/man/man2html?2+socket">socket</A></B>(2):
|
|
|
|
<P>
|
|
|
|
<BR> socket(AF_INET, socket_type, protocol);
|
|
<P>
|
|
|
|
Valid socket types are
|
|
<B>SOCK_STREAM</B>
|
|
|
|
to open a
|
|
<B><A HREF="/cgi-bin/man/man2html?7+tcp">tcp</A></B>(7)
|
|
|
|
socket,
|
|
<B>SOCK_DGRAM</B>
|
|
|
|
to open a
|
|
<B><A HREF="/cgi-bin/man/man2html?7+udp">udp</A></B>(7)
|
|
|
|
socket, or
|
|
<B>SOCK_RAW</B>
|
|
|
|
to open a
|
|
<B><A HREF="/cgi-bin/man/man2html?7+raw">raw</A></B>(7)
|
|
|
|
socket to access the IP protocol directly.
|
|
<I>protocol</I>
|
|
|
|
is the IP protocol in the IP header to be received or sent.
|
|
The only valid values for
|
|
<I>protocol</I>
|
|
|
|
are 0 and
|
|
<B>IPPROTO_TCP</B>
|
|
|
|
for TCP sockets, and 0 and
|
|
<B>IPPROTO_UDP</B>
|
|
|
|
for UDP sockets.
|
|
For
|
|
<B>SOCK_RAW</B>
|
|
|
|
you may specify a valid IANA IP protocol defined in
|
|
RFC 1700 assigned numbers.
|
|
<P>
|
|
|
|
When a process wants to receive new incoming packets or connections, it
|
|
should bind a socket to a local interface address using
|
|
<B><A HREF="/cgi-bin/man/man2html?2+bind">bind</A></B>(2).
|
|
|
|
In this case, only one IP socket may be bound to any given local
|
|
(address, port) pair.
|
|
When
|
|
<B>INADDR_ANY</B>
|
|
|
|
is specified in the bind call, the socket will be bound to
|
|
<I>all</I>
|
|
|
|
local interfaces.
|
|
When
|
|
<B><A HREF="/cgi-bin/man/man2html?2+listen">listen</A></B>(2)
|
|
|
|
is called on an unbound socket, the socket is automatically bound
|
|
to a random free port with the local address set to
|
|
<B>INADDR_ANY</B>.
|
|
|
|
When
|
|
<B><A HREF="/cgi-bin/man/man2html?2+connect">connect</A></B>(2)
|
|
|
|
is called on an unbound socket, the socket is automatically bound
|
|
to a random free port or to a usable shared port with the local address
|
|
set to
|
|
<B>INADDR_ANY</B>.
|
|
|
|
<P>
|
|
|
|
A TCP local socket address that has been bound is unavailable for
|
|
some time after closing, unless the
|
|
<B>SO_REUSEADDR</B>
|
|
|
|
flag has been set.
|
|
Care should be taken when using this flag as it makes TCP less reliable.
|
|
<A NAME="lbAE"> </A>
|
|
<H3>Address format</H3>
|
|
|
|
An IP socket address is defined as a combination of an IP interface
|
|
address and a 16-bit port number.
|
|
The basic IP protocol does not supply port numbers; they
are implemented by higher-level protocols like
|
|
<B><A HREF="/cgi-bin/man/man2html?7+udp">udp</A></B>(7)
|
|
|
|
and
|
|
<B><A HREF="/cgi-bin/man/man2html?7+tcp">tcp</A></B>(7).
|
|
|
|
On raw sockets
|
|
<I>sin_port</I>
|
|
|
|
is set to the IP protocol.
|
|
<P>
|
|
|
|
|
|
|
|
struct sockaddr_in {
|
|
<BR> sa_family_t sin_family; /* address family: AF_INET */
|
|
<BR> in_port_t sin_port; /* port in network byte order */
|
|
<BR> struct in_addr sin_addr; /* internet address */
|
|
};
|
|
<P>
|
|
/* Internet address. */
|
|
struct in_addr {
|
|
<BR> uint32_t s_addr; /* address in network byte order */
|
|
};
|
|
|
|
|
|
<P>
|
|
|
|
<I>sin_family</I>
|
|
|
|
is always set to
|
|
<B>AF_INET</B>.
|
|
|
|
This is required; in Linux 2.2 most networking functions return
|
|
<B>EINVAL</B>
|
|
|
|
when this setting is missing.
|
|
<I>sin_port</I>
|
|
|
|
contains the port in network byte order.
|
|
The port numbers below 1024 are called
|
|
<I>privileged ports</I>
|
|
|
|
(or sometimes:
|
|
<I>reserved ports</I>).
|
|
|
|
Only a privileged process
|
|
(on Linux: a process that has the
|
|
<B>CAP_NET_BIND_SERVICE</B>
|
|
|
|
capability in the user namespace governing its network namespace) may
|
|
<B><A HREF="/cgi-bin/man/man2html?2+bind">bind</A></B>(2)
|
|
|
|
to these sockets.
|
|
Note that the raw IPv4 protocol as such has no concept of a
port; ports are implemented only by higher protocols like
|
|
<B><A HREF="/cgi-bin/man/man2html?7+tcp">tcp</A></B>(7)
|
|
|
|
and
|
|
<B><A HREF="/cgi-bin/man/man2html?7+udp">udp</A></B>(7).
|
|
|
|
<P>
|
|
|
|
<I>sin_addr</I>
|
|
|
|
is the IP host address.
|
|
The
|
|
<I>s_addr</I>
|
|
|
|
member of
|
|
<I>struct in_addr</I>
|
|
|
|
contains the host interface address in network byte order.
|
|
<I>in_addr</I>
|
|
|
|
should be assigned one of the
|
|
<B>INADDR_*</B>
|
|
|
|
values
|
|
(e.g.,
|
|
<B>INADDR_LOOPBACK</B>)
|
|
|
|
using
|
|
<B><A HREF="/cgi-bin/man/man2html?3+htonl">htonl</A></B>(3)
|
|
|
|
or set using the
|
|
<B><A HREF="/cgi-bin/man/man2html?3+inet_aton">inet_aton</A></B>(3),
|
|
|
|
<B><A HREF="/cgi-bin/man/man2html?3+inet_addr">inet_addr</A></B>(3),
|
|
|
|
<B><A HREF="/cgi-bin/man/man2html?3+inet_makeaddr">inet_makeaddr</A></B>(3)
|
|
|
|
library functions or directly with the name resolver (see
|
|
<B><A HREF="/cgi-bin/man/man2html?3+gethostbyname">gethostbyname</A></B>(3)).
|
|
|
|
<P>
|
|
|
|
IPv4 addresses are divided into unicast, broadcast,
|
|
and multicast addresses.
|
|
Unicast addresses specify a single interface of a host,
|
|
broadcast addresses specify all hosts on a network, and multicast
|
|
addresses address all hosts in a multicast group.
|
|
Datagrams to broadcast addresses can be sent or received only when the
|
|
<B>SO_BROADCAST</B>
|
|
|
|
socket flag is set.
|
|
In the current implementation, connection-oriented sockets are allowed
|
|
to use only unicast addresses.
|
|
|
|
<P>
|
|
|
|
Note that the address and the port are always stored in
|
|
network byte order.
|
|
In particular, this means that you need to call
|
|
<B><A HREF="/cgi-bin/man/man2html?3+htons">htons</A></B>(3)
|
|
|
|
on the number that is assigned to a port.
|
|
All address/port manipulation
|
|
functions in the standard library work in network byte order.
|
|
<P>
|
|
|
|
There are several special addresses:
|
|
<B>INADDR_LOOPBACK</B>
|
|
|
|
(127.0.0.1)
|
|
always refers to the local host via the loopback device;
|
|
<B>INADDR_ANY</B>
|
|
|
|
(0.0.0.0)
|
|
means any address for binding;
|
|
<B>INADDR_BROADCAST</B>
|
|
|
|
(255.255.255.255)
|
|
means any host and has the same effect on bind as
|
|
<B>INADDR_ANY</B>
|
|
|
|
for historical reasons.
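<P>
Added example, not part of the original manual page: the binding rules above decide which interfaces a listener is reachable on. It shows that listen(2) on an unbound socket ends up on INADDR_ANY, that an explicit bind to INADDR_LOOPBACK keeps the listener local, and that a second bind to the same (address, port) pair fails. The names local_name, make_addr, listen_without_bind, listen_on_loopback and second_bind_errno are made up for this example.

```c
/* Added example: which local address a listener ends up on (Linux, IPv4). */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

struct local_name {   /* hypothetical type: local address in host byte order */
    uint32_t addr;    /* ntohl(sin_addr.s_addr) */
    uint16_t port;    /* ntohs(sin_port) */
};

static int get_local_name(int fd, struct local_name *out)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof(sa);

    if (getsockname(fd, (struct sockaddr *)&sa, &len) < 0)
        return -1;
    out->addr = ntohl(sa.sin_addr.s_addr);
    out->port = ntohs(sa.sin_port);
    return 0;
}

/* Build a sockaddr_in from host-order values; the structure itself always
 * holds the address and the port in network byte order. */
static void make_addr(struct sockaddr_in *sa, uint32_t addr, uint16_t port)
{
    memset(sa, 0, sizeof(*sa));
    sa->sin_family = AF_INET;          /* required */
    sa->sin_addr.s_addr = htonl(addr);
    sa->sin_port = htons(port);
}

/* listen(2) without bind(2): the kernel picks a random free port and sets
 * the local address to INADDR_ANY, i.e. every local interface. */
int listen_without_bind(struct local_name *out)
{
    int rc, fd = socket(AF_INET, SOCK_STREAM, 0);

    if (fd < 0)
        return -1;
    rc = listen(fd, 1);
    if (rc == 0)
        rc = get_local_name(fd, out);
    close(fd);
    return rc;
}

/* Explicit bind to 127.0.0.1, port 0 (kernel chooses the port).
 * Returns the listening descriptor, or -1 on error. */
int listen_on_loopback(struct local_name *out)
{
    struct sockaddr_in sa;
    int fd = socket(AF_INET, SOCK_STREAM, 0);

    if (fd < 0)
        return -1;
    make_addr(&sa, INADDR_LOOPBACK, 0);
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0 ||
        listen(fd, 1) < 0 || get_local_name(fd, out) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Bind a second socket to an (address, port) pair that is already in use.
 * Returns the errno reported by bind(2), or 0 if the bind succeeded. */
int second_bind_errno(const struct local_name *taken)
{
    struct sockaddr_in sa;
    int err, fd = socket(AF_INET, SOCK_STREAM, 0);

    if (fd < 0)
        return errno;
    make_addr(&sa, taken->addr, taken->port);
    err = bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0 ? errno : 0;
    close(fd);
    return err;
}

int main(void)
{
    struct local_name any, lo;
    int fd;

    if (listen_without_bind(&any) < 0 || (fd = listen_on_loopback(&lo)) < 0)
        return 1;
    printf("unbound listen: addr=0x%08x port=%u\n", (unsigned)any.addr, (unsigned)any.port);
    printf("loopback bind:  addr=0x%08x port=%u\n", (unsigned)lo.addr, (unsigned)lo.port);
    printf("second bind:    %s\n", strerror(second_bind_errno(&lo)));
    close(fd);
    return 0;
}
```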
|
|
<A NAME="lbAF"> </A>
|
|
<H3>Socket options</H3>
|
|
|
|
IP supports some protocol-specific socket options that can be set with
|
|
<B><A HREF="/cgi-bin/man/man2html?2+setsockopt">setsockopt</A></B>(2)
|
|
|
|
and read with
|
|
<B><A HREF="/cgi-bin/man/man2html?2+getsockopt">getsockopt</A></B>(2).
|
|
|
|
The socket option level for IP is
|
|
<B>IPPROTO_IP</B>.
|
|
|
|
|
|
A boolean integer flag is zero when it is false, otherwise true.
|
|
<P>
|
|
|
|
When an invalid socket option is specified,
|
|
<B><A HREF="/cgi-bin/man/man2html?2+getsockopt">getsockopt</A></B>(2)
|
|
|
|
and
|
|
<B><A HREF="/cgi-bin/man/man2html?2+setsockopt">setsockopt</A></B>(2)
|
|
|
|
fail with the error
|
|
<B>ENOPROTOOPT</B>.
|
|
|
|
<DL COMPACT>
|
|
<DT id="1"><B>IP_ADD_MEMBERSHIP</B> (since Linux 1.2)
|
|
|
|
<DD>
|
|
Join a multicast group.
|
|
Argument is an
|
|
<I>ip_mreqn</I>
|
|
|
|
structure.
|
|
</DL>
|
|
<P>
|
|
|
|
|
|
|
|
struct ip_mreqn {
|
|
<BR> struct in_addr imr_multiaddr; /* IP multicast group
|
|
<BR> address */
|
|
<BR> struct in_addr imr_address; /* IP address of local
|
|
<BR> interface */
|
|
<BR> int imr_ifindex; /* interface index */
|
|
};
|
|
|
|
|
|
<P>
|
|
|
|
<I>imr_multiaddr</I>
|
|
|
|
contains the address of the multicast group the application
|
|
wants to join or leave.
|
|
It must be a valid multicast address
|
|
|
|
(or
|
|
<B><A HREF="/cgi-bin/man/man2html?2+setsockopt">setsockopt</A></B>(2)
|
|
|
|
fails with the error
|
|
<B>EINVAL</B>).
|
|
|
|
<I>imr_address</I>
|
|
|
|
is the address of the local interface with which the system
|
|
should join the multicast group; if it is equal to
|
|
<B>INADDR_ANY</B>,
|
|
|
|
an appropriate interface is chosen by the system.
|
|
<I>imr_ifindex</I>
|
|
|
|
is the interface index of the interface that should join/leave the
|
|
<I>imr_multiaddr</I>
|
|
|
|
group, or 0 to indicate any interface.
|
|
<DL COMPACT>
|
|
<DT id="2"><DD>
|
|
The
|
|
<I>ip_mreqn</I>
|
|
|
|
structure is available only since Linux 2.2.
|
|
For compatibility, the old
|
|
<I>ip_mreq</I>
|
|
|
|
structure (present since Linux 1.2) is still supported;
|
|
it differs from
|
|
<I>ip_mreqn</I>
|
|
|
|
only by not including the
|
|
<I>imr_ifindex</I>
|
|
|
|
field.
|
|
(The kernel determines which structure is being passed based
|
|
on the size passed in
|
|
<I>optlen</I>.)
|
|
|
|
<DT id="3"><DD>
|
|
<B>IP_ADD_MEMBERSHIP</B>
|
|
|
|
is valid only for
|
|
<B><A HREF="/cgi-bin/man/man2html?2+setsockopt">setsockopt</A></B>(2).
|
|
|
|
|
|
<DT id="4"><B>IP_ADD_SOURCE_MEMBERSHIP</B> (since Linux 2.4.22 / 2.5.68)
|
|
|
|
<DD>
|
|
Join a multicast group and allow receiving data only
|
|
from a specified source.
|
|
Argument is an
|
|
<I>ip_mreq_source</I>
|
|
|
|
structure.
|
|
</DL>
|
|
<P>
|
|
|
|
|
|
|
|
struct ip_mreq_source {
|
|
<BR> struct in_addr imr_multiaddr; /* IP multicast group
|
|
<BR> address */
|
|
<BR> struct in_addr imr_interface; /* IP address of local
|
|
<BR> interface */
|
|
<BR> struct in_addr imr_sourceaddr; /* IP address of
|
|
<BR> multicast source */
|
|
};
|
|
|
|
|
|
<P>
|
|
|
|
The
|
|
<I>ip_mreq_source</I>
|
|
|
|
structure is similar to
|
|
<I>ip_mreqn</I>
|
|
|
|
described under
|
|
<B>IP_ADD_MEMBERSHIP</B>.
|
|
|
|
The
|
|
<I>imr_multiaddr</I>
|
|
|
|
field contains the address of the multicast group the application
|
|
wants to join or leave.
|
|
The
|
|
<I>imr_interface</I>
|
|
|
|
field is the address of the local interface with which
|
|
the system should join the multicast group.
|
|
Finally, the
|
|
<I>imr_sourceaddr</I>
|
|
|
|
field contains the address of the source the
|
|
application wants to receive data from.
|
|
<DL COMPACT>
|
|
<DT id="5"><DD>
|
|
This option can be used multiple times to allow
|
|
receiving data from more than one source.
|
|
<DT id="6"><B>IP_BIND_ADDRESS_NO_PORT</B> (since Linux 4.2)
|
|
|
|
<DD>
|
|
|
|
Inform the kernel to not reserve an ephemeral port when using
|
|
<B><A HREF="/cgi-bin/man/man2html?2+bind">bind</A></B>(2)
|
|
|
|
with a port number of 0.
|
|
The port will later be automatically chosen at
|
|
<B><A HREF="/cgi-bin/man/man2html?2+connect">connect</A></B>(2)
|
|
|
|
time,
|
|
in a way that allows sharing a source port as long as the 4-tuple is unique.
|
|
<DT id="7"><B>IP_BLOCK_SOURCE</B> (since Linux 2.4.22 / 2.5.68)
|
|
|
|
<DD>
|
|
Stop receiving multicast data from a specific source in a given group.
|
|
This is valid only after the application has subscribed
|
|
to the multicast group using either
|
|
<B>IP_ADD_MEMBERSHIP</B>
|
|
|
|
or
|
|
<B>IP_ADD_SOURCE_MEMBERSHIP</B>.
|
|
|
|
<DT id="8"><DD>
|
|
Argument is an
|
|
<I>ip_mreq_source</I>
|
|
|
|
structure as described under
|
|
<B>IP_ADD_SOURCE_MEMBERSHIP</B>.
|
|
|
|
<DT id="9"><B>IP_DROP_MEMBERSHIP</B> (since Linux 1.2)
|
|
|
|
<DD>
|
|
Leave a multicast group.
|
|
Argument is an
|
|
<I>ip_mreqn</I>
|
|
|
|
or
|
|
<I>ip_mreq</I>
|
|
|
|
structure similar to
|
|
<B>IP_ADD_MEMBERSHIP</B>.
|
|
|
|
<DT id="10"><B>IP_DROP_SOURCE_MEMBERSHIP</B> (since Linux 2.4.22 / 2.5.68)
|
|
|
|
<DD>
|
|
Leave a source-specific group, that is, stop receiving data from
a given multicast group that comes from a given source.
|
|
If the application has subscribed to multiple sources within
|
|
the same group, data from the remaining sources will still be delivered.
|
|
To stop receiving data from all sources at once, use
|
|
<B>IP_DROP_MEMBERSHIP</B>.
|
|
|
|
<DT id="11"><DD>
|
|
Argument is an
|
|
<I>ip_mreq_source</I>
|
|
|
|
structure as described under
|
|
<B>IP_ADD_SOURCE_MEMBERSHIP</B>.
|
|
|
|
<DT id="12"><B>IP_FREEBIND</B> (since Linux 2.4)
|
|
|
|
<DD>
|
|
|
|
If enabled, this boolean option allows binding to an IP address
|
|
that is nonlocal or does not (yet) exist.
|
|
This permits listening on a socket,
|
|
without requiring the underlying network interface or the
|
|
specified dynamic IP address to be up at the time that
|
|
the application is trying to bind to it.
|
|
This option is the per-socket equivalent of the
|
|
<I>ip_nonlocal_bind</I>
|
|
|
|
<I>/proc</I>
|
|
|
|
interface described below.
|
|
<DT id="13"><B>IP_HDRINCL</B> (since Linux 2.0)
|
|
|
|
<DD>
|
|
If enabled,
|
|
the user supplies an IP header in front of the user data.
|
|
Valid only for
|
|
<B>SOCK_RAW</B>
|
|
|
|
sockets; see
|
|
<B><A HREF="/cgi-bin/man/man2html?7+raw">raw</A></B>(7)
|
|
|
|
for more information.
|
|
When this flag is enabled, the values set by
|
|
<B>IP_OPTIONS</B>,
|
|
|
|
<B>IP_TTL</B>,
|
|
|
|
and
|
|
<B>IP_TOS</B>
|
|
|
|
are ignored.
|
|
<DT id="14"><B>IP_MSFILTER</B> (since Linux 2.4.22 / 2.5.68)
|
|
|
|
<DD>
|
|
This option provides access to the advanced full-state filtering API.
|
|
Argument is an
|
|
<I>ip_msfilter</I>
|
|
|
|
structure.
|
|
</DL>
|
|
<P>
|
|
|
|
|
|
|
|
struct ip_msfilter {
|
|
<BR> struct in_addr imsf_multiaddr; /* IP multicast group
|
|
<BR> address */
|
|
<BR> struct in_addr imsf_interface; /* IP address of local
|
|
<BR> interface */
|
|
<BR> uint32_t imsf_fmode; /* Filter-mode */
|
|
<P>
|
|
<BR> uint32_t imsf_numsrc; /* Number of sources in
|
|
<BR> the following array */
|
|
<BR> struct in_addr imsf_slist[1]; /* Array of source
|
|
<BR> addresses */
|
|
};
|
|
|
|
|
|
<P>
|
|
|
|
There are two macros,
|
|
<B>MCAST_INCLUDE</B>
|
|
|
|
and
|
|
<B>MCAST_EXCLUDE</B>,
|
|
|
|
which can be used to specify the filtering mode.
|
|
Additionally, the
|
|
<B>IP_MSFILTER_SIZE</B>(<I>n</I>)
macro exists to determine how much memory is needed to store an
<I>ip_msfilter</I>
|
|
|
|
structure with
|
|
<I>n</I>
|
|
|
|
sources in the source list.
|
|
<DL COMPACT>
|
|
<DT id="15"><DD>
|
|
For the full description of multicast source filtering
|
|
refer to RFC 3376.
|
|
<DT id="16"><B>IP_MTU</B> (since Linux 2.2)
|
|
|
|
<DD>
|
|
|
|
Retrieve the current known path MTU of the current socket.
|
|
Returns an integer.
|
|
<DT id="17"><DD>
|
|
<B>IP_MTU</B>
|
|
|
|
is valid only for
|
|
<B><A HREF="/cgi-bin/man/man2html?2+getsockopt">getsockopt</A></B>(2)
|
|
|
|
and can be employed only when the socket has been connected.
|
|
<DT id="18"><B>IP_MTU_DISCOVER</B> (since Linux 2.2)
|
|
|
|
<DD>
|
|
|
|
Set or receive the Path MTU Discovery setting for a socket.
|
|
When enabled, Linux will perform Path MTU Discovery
|
|
as defined in RFC 1191 on
|
|
<B>SOCK_STREAM</B>
|
|
|
|
sockets.
|
|
For
|
|
non-<B>SOCK_STREAM</B>
|
|
|
|
sockets,
|
|
<B>IP_PMTUDISC_DO</B>
|
|
|
|
forces the don't-fragment flag to be set on all outgoing packets.
|
|
It is the user's responsibility to packetize the data
|
|
in MTU-sized chunks and to do the retransmits if necessary.
|
|
The kernel will reject (with
|
|
<B>EMSGSIZE</B>)
|
|
|
|
datagrams that are bigger than the known path MTU.
|
|
<B>IP_PMTUDISC_WANT</B>
|
|
|
|
will fragment a datagram if needed according to the path MTU,
|
|
or will set the don't-fragment flag otherwise.
|
|
<DT id="19"><DD>
|
|
The system-wide default can be toggled between
|
|
<B>IP_PMTUDISC_WANT</B>
|
|
|
|
and
|
|
<B>IP_PMTUDISC_DONT</B>
|
|
|
|
by writing (respectively, zero and nonzero values) to the
|
|
<I>/proc/sys/net/ipv4/ip_no_pmtu_disc</I>
|
|
|
|
file.
|
|
<TABLE>
|
|
<TR VALIGN=top><TD ALIGN=center>Path MTU discovery value</TD><TD>Meaning<BR></TD></TR>
|
|
<TR VALIGN=top><TD>IP_PMTUDISC_WANT</TD><TD>Use per-route settings.<BR></TD></TR>
|
|
<TR VALIGN=top><TD>IP_PMTUDISC_DONT</TD><TD>Never do Path MTU Discovery.<BR></TD></TR>
|
|
<TR VALIGN=top><TD>IP_PMTUDISC_DO</TD><TD>Always do Path MTU Discovery.<BR></TD></TR>
|
|
<TR VALIGN=top><TD>IP_PMTUDISC_PROBE</TD><TD>Set DF but ignore Path MTU.<BR></TD></TR>
|
|
</TABLE>
|
|
|
|
<P>
|
|
When PMTU discovery is enabled, the kernel automatically keeps track of
|
|
the path MTU per destination host.
|
|
When it is connected to a specific peer with
|
|
<B><A HREF="/cgi-bin/man/man2html?2+connect">connect</A></B>(2),
|
|
|
|
the currently known path MTU can be retrieved conveniently using the
|
|
<B>IP_MTU</B>
|
|
|
|
socket option (e.g., after an
|
|
<B>EMSGSIZE</B>
|
|
|
|
error occurred).
|
|
The path MTU may change over time.
|
|
For connectionless sockets with many destinations,
|
|
the new MTU for a given destination can also be accessed using the
|
|
error queue (see
|
|
<B>IP_RECVERR</B>).
|
|
|
|
A new error will be queued for every incoming MTU update.
|
|
<DT id="20"><DD>
|
|
While MTU discovery is in progress, initial packets from datagram sockets
|
|
may be dropped.
|
|
Applications using UDP should be aware of this and not
|
|
take it into account for their packet retransmit strategy.
|
|
<DT id="21"><DD>
|
|
To bootstrap the path MTU discovery process on unconnected sockets, it
|
|
is possible to start with a big datagram size
|
|
(headers up to 64 kilobytes long) and let it shrink by updates of the path MTU.
|
|
<DT id="22"><DD>
|
|
To get an initial estimate of the
|
|
path MTU, connect a datagram socket to the destination address using
|
|
<B><A HREF="/cgi-bin/man/man2html?2+connect">connect</A></B>(2)
|
|
|
|
and retrieve the MTU by calling
|
|
<B><A HREF="/cgi-bin/man/man2html?2+getsockopt">getsockopt</A></B>(2)
|
|
|
|
with the
|
|
<B>IP_MTU</B>
|
|
|
|
option.
|
|
<DT id="23"><DD>
|
|
It is possible to implement RFC 4821 MTU probing with
|
|
<B>SOCK_DGRAM</B>
|
|
|
|
or
|
|
<B>SOCK_RAW</B>
|
|
|
|
sockets by setting a value of
|
|
<B>IP_PMTUDISC_PROBE</B>
|
|
|
|
(available since Linux 2.6.22).
|
|
This is also particularly useful for diagnostic tools such as
|
|
<B><A HREF="/cgi-bin/man/man2html?8+tracepath">tracepath</A></B>(8)
|
|
|
|
that wish to deliberately send probe packets larger than
|
|
the observed Path MTU.
|
|
<DT id="24"><B>IP_MULTICAST_ALL</B> (since Linux 2.6.31)
|
|
|
|
<DD>
|
|
This option can be used to modify the delivery policy of multicast messages
|
|
to sockets bound to the wildcard
|
|
<B>INADDR_ANY</B>
|
|
|
|
address.
|
|
The argument is a boolean integer (defaults to 1).
|
|
If set to 1,
|
|
the socket will receive messages from all the groups that have been joined
|
|
globally on the whole system.
|
|
Otherwise, it will deliver messages only from
|
|
the groups that have been explicitly joined (for example via the
|
|
<B>IP_ADD_MEMBERSHIP</B>
|
|
|
|
option) on this particular socket.
|
|
<DT id="25"><B>IP_MULTICAST_IF</B> (since Linux 1.2)
|
|
|
|
<DD>
|
|
Set the local device for a multicast socket.
|
|
The argument for
|
|
<B><A HREF="/cgi-bin/man/man2html?2+setsockopt">setsockopt</A></B>(2)
|
|
|
|
is an
|
|
<I>ip_mreqn</I>
|
|
|
|
or
|
|
|
|
|
|
(since Linux 3.5)
|
|
<I>ip_mreq</I>
|
|
|
|
structure similar to
|
|
<B>IP_ADD_MEMBERSHIP</B>,
|
|
|
|
or an
|
|
<I>in_addr</I>
|
|
|
|
structure.
|
|
(The kernel determines which structure is being passed based
|
|
on the size passed in
|
|
<I>optlen</I>.)
|
|
|
|
For
|
|
<B><A HREF="/cgi-bin/man/man2html?2+getsockopt">getsockopt</A></B>(2),
|
|
|
|
the argument is an
|
|
<I>in_addr</I>
|
|
|
|
structure.
|
|
<DT id="26"><B>IP_MULTICAST_LOOP</B> (since Linux 1.2)
|
|
|
|
<DD>
|
|
Set or read a boolean integer argument that determines whether
|
|
sent multicast packets should be looped back to the local sockets.
|
|
<DT id="27"><B>IP_MULTICAST_TTL</B> (since Linux 1.2)
|
|
|
|
<DD>
|
|
Set or read the time-to-live value of outgoing multicast packets for this
|
|
socket.
|
|
It is very important for multicast packets to set the smallest TTL possible.
|
|
The default is 1 which means that multicast packets don't leave the local
|
|
network unless the user program explicitly requests it.
|
|
Argument is an integer.
|
|
<DT id="28"><B>IP_NODEFRAG</B> (since Linux 2.6.36)
|
|
|
|
<DD>
|
|
If enabled (argument is nonzero),
|
|
the reassembly of outgoing packets is disabled in the netfilter layer.
|
|
The argument is an integer.
|
|
<DT id="29"><DD>
|
|
This option is valid only for
|
|
<B>SOCK_RAW</B>
|
|
|
|
sockets.
|
|
<DT id="30"><B>IP_OPTIONS</B> (since Linux 2.0)
|
|
|
|
<DD>
|
|
|
|
Set or get the IP options to be sent with every packet from this socket.
|
|
The arguments are a pointer to a memory buffer containing the options
|
|
and the option length.
|
|
The
|
|
<B><A HREF="/cgi-bin/man/man2html?2+setsockopt">setsockopt</A></B>(2)
|
|
|
|
call sets the IP options associated with a socket.
|
|
The maximum option size for IPv4 is 40 bytes.
|
|
See RFC 791 for the allowed options.
|
|
When the initial connection request packet for a
|
|
<B>SOCK_STREAM</B>
|
|
|
|
socket contains IP options, the IP options will be set automatically
|
|
to the options from the initial packet with routing headers reversed.
|
|
Incoming packets are not allowed to change options after the connection
|
|
is established.
|
|
The processing of all incoming source routing options
|
|
is disabled by default and can be enabled by using the
|
|
<I>accept_source_route</I>
|
|
|
|
<I>/proc</I>
|
|
|
|
interface.
|
|
Other options like timestamps are still handled.
|
|
For datagram sockets, IP options can be set only by the local user.
|
|
Calling
|
|
<B><A HREF="/cgi-bin/man/man2html?2+getsockopt">getsockopt</A></B>(2)
|
|
|
|
with
|
|
<B>IP_OPTIONS</B>
|
|
|
|
puts the current IP options used for sending into the supplied buffer.
|
|
<DT id="31"><B>IP_PKTINFO</B> (since Linux 2.2)
|
|
|
|
<DD>
|
|
|
|
Pass an
|
|
<B>IP_PKTINFO</B>
|
|
|
|
ancillary message that contains a
|
|
<I>pktinfo</I>
|
|
|
|
structure that supplies some information about the incoming packet.
|
|
This only works for datagram oriented sockets.
|
|
The argument is a flag that tells the socket whether the
|
|
<B>IP_PKTINFO</B>
|
|
|
|
message should be passed or not.
|
|
The message itself can only be sent/retrieved
|
|
as control message with a packet using
|
|
<B><A HREF="/cgi-bin/man/man2html?2+recvmsg">recvmsg</A></B>(2)
|
|
|
|
or
|
|
<B><A HREF="/cgi-bin/man/man2html?2+sendmsg">sendmsg</A></B>(2).
|
|
|
|
<DT id="32"><DD>
|
|
|
|
|
|
struct in_pktinfo {
|
|
<BR> unsigned int ipi_ifindex; /* Interface index */
|
|
<BR> struct in_addr ipi_spec_dst; /* Local address */
|
|
<BR> struct in_addr ipi_addr; /* Header Destination
|
|
<BR> address */
|
|
};
|
|
|
|
|
|
<DT id="33"><DD>
|
|
<I>ipi_ifindex</I>
|
|
|
|
is the unique index of the interface the packet was received on.
|
|
<I>ipi_spec_dst</I>
|
|
|
|
is the local address of the packet and
|
|
<I>ipi_addr</I>
|
|
|
|
is the destination address in the packet header.
|
|
If
|
|
<B>IP_PKTINFO</B>
|
|
|
|
is passed to
|
|
<B><A HREF="/cgi-bin/man/man2html?2+sendmsg">sendmsg</A></B>(2)
|
|
|
|
and
|
|
|
|
<I>ipi_spec_dst</I>
|
|
|
|
is not zero, then it is used as the local source address for the routing
|
|
table lookup and for setting up IP source route options.
|
|
When
|
|
<I>ipi_ifindex</I>
|
|
|
|
is not zero, the primary local address of the interface specified by the
|
|
index overwrites
|
|
<I>ipi_spec_dst</I>
|
|
|
|
for the routing table lookup.
|
|
<DT id="34"><B>IP_RECVERR</B> (since Linux 2.2)
|
|
|
|
<DD>
|
|
|
|
Enable extended reliable error message passing.
|
|
When enabled on a datagram socket, all
|
|
generated errors will be queued in a per-socket error queue.
|
|
When the user receives an error from a socket operation,
|
|
the errors can be received by calling
|
|
<B><A HREF="/cgi-bin/man/man2html?2+recvmsg">recvmsg</A></B>(2)
|
|
|
|
with the
|
|
<B>MSG_ERRQUEUE</B>
|
|
|
|
flag set.
|
|
The
|
|
<I>sock_extended_err</I>
|
|
|
|
structure describing the error will be passed in an ancillary message with
|
|
the type
|
|
<B>IP_RECVERR</B>
|
|
|
|
and the level
|
|
<B>IPPROTO_IP</B>.
|
|
|
|
|
|
This is useful for reliable error handling on unconnected sockets.
|
|
The received data portion of the error queue contains the error packet.
|
|
<DT id="35"><DD>
|
|
The
|
|
<B>IP_RECVERR</B>
|
|
|
|
control message contains a
|
|
<I>sock_extended_err</I>
|
|
|
|
structure:
|
|
<DT id="36"><DD>
|
|
|
|
|
|
#define SO_EE_ORIGIN_NONE 0
|
|
#define SO_EE_ORIGIN_LOCAL 1
|
|
#define SO_EE_ORIGIN_ICMP 2
|
|
#define SO_EE_ORIGIN_ICMP6 3
|
|
<P>
|
|
struct sock_extended_err {
|
|
<BR> uint32_t ee_errno; /* error number */
|
|
<BR> uint8_t ee_origin; /* where the error originated */
|
|
<BR> uint8_t ee_type; /* type */
|
|
<BR> uint8_t ee_code; /* code */
|
|
<BR> uint8_t ee_pad;
|
|
<BR> uint32_t ee_info; /* additional information */
|
|
<BR> uint32_t ee_data; /* other data */
|
|
<BR> /* More data may follow */
|
|
};
|
|
<P>
|
|
struct sockaddr *SO_EE_OFFENDER(struct sock_extended_err *);
|
|
|
|
|
|
<DT id="37"><DD>
|
|
<I>ee_errno</I>
|
|
|
|
contains the
|
|
<I>errno</I>
|
|
|
|
number of the queued error.
|
|
<I>ee_origin</I>
|
|
|
|
is the origin code of where the error originated.
|
|
The other fields are protocol-specific.
|
|
The macro
|
|
<B>SO_EE_OFFENDER</B>
|
|
|
|
returns a pointer to the address of the network object
|
|
where the error originated from given a pointer to the ancillary message.
|
|
If this address is not known, the
|
|
<I>sa_family</I>
|
|
|
|
member of the
|
|
<I>sockaddr</I>
|
|
|
|
contains
|
|
<B>AF_UNSPEC</B>
|
|
|
|
and the other fields of the
|
|
<I>sockaddr</I>
|
|
|
|
are undefined.
|
|
<DT id="38"><DD>
|
|
IP uses the
|
|
<I>sock_extended_err</I>
|
|
|
|
structure as follows:
|
|
<I>ee_origin</I>
|
|
|
|
is set to
|
|
<B>SO_EE_ORIGIN_ICMP</B>
|
|
|
|
for errors received as an ICMP packet, or
|
|
<B>SO_EE_ORIGIN_LOCAL</B>
|
|
|
|
for locally generated errors.
|
|
Unknown values should be ignored.
|
|
<I>ee_type</I>
|
|
|
|
and
|
|
<I>ee_code</I>
|
|
|
|
are set from the type and code fields of the ICMP header.
|
|
<I>ee_info</I>
|
|
|
|
contains the discovered MTU for
|
|
<B>EMSGSIZE</B>
|
|
|
|
errors.
|
|
The message also contains the
|
|
<I>sockaddr_in</I>
of the node that caused the error, which can be accessed with the
|
|
<B>SO_EE_OFFENDER</B>
|
|
|
|
macro.
|
|
The
|
|
<I>sin_family</I>
|
|
|
|
field of the
|
|
<B>SO_EE_OFFENDER</B>
|
|
|
|
address is
|
|
<B>AF_UNSPEC</B>
|
|
|
|
when the source was unknown.
|
|
When the error originated from the network, all IP options
|
|
(<B>IP_OPTIONS</B>, <B>IP_TTL</B>,
|
|
|
|
etc.) enabled on the socket and contained in the
|
|
error packet are passed as control messages.
|
|
The payload of the packet causing the error is returned as normal payload.
|
|
Note that TCP has no error queue;
|
|
<B>MSG_ERRQUEUE</B>
|
|
|
|
is not permitted on
|
|
<B>SOCK_STREAM</B>
|
|
|
|
sockets.
|
|
<B>IP_RECVERR</B>
|
|
|
|
is valid for TCP, but all errors are returned by socket function return or
|
|
<B>SO_ERROR</B>
|
|
|
|
only.
|
|
<DT id="39"><DD>
|
|
For raw sockets,
|
|
<B>IP_RECVERR</B>
|
|
|
|
enables passing of all received ICMP errors to the
|
|
application; otherwise, errors are reported only on connected sockets.
|
|
<DT id="40"><DD>
|
|
It sets or retrieves an integer boolean flag.
|
|
<B>IP_RECVERR</B>
|
|
|
|
defaults to off.
|
|
<DT id="41"><B>IP_RECVOPTS</B> (since Linux 2.2)
|
|
|
|
<DD>
|
|
|
|
Pass all incoming IP options to the user in a
|
|
<B>IP_OPTIONS</B>
|
|
|
|
control message.
|
|
The routing header and other options are already filled in
|
|
for the local host.
|
|
Not supported for
|
|
<B>SOCK_STREAM</B>
|
|
|
|
sockets.
|
|
<DT id="42"><B>IP_RECVORIGDSTADDR</B> (since Linux 2.6.29)
|
|
|
|
<DD>
|
|
|
|
This boolean option enables the
|
|
<B>IP_ORIGDSTADDR</B>
|
|
|
|
ancillary message in
|
|
<B><A HREF="/cgi-bin/man/man2html?2+recvmsg">recvmsg</A></B>(2),
|
|
|
|
in which the kernel returns the original destination address
|
|
of the datagram being received.
|
|
The ancillary message contains a
|
|
<I>struct sockaddr_in</I>.
|
|
|
|
<DT id="43"><B>IP_RECVTOS</B> (since Linux 2.2)
|
|
|
|
<DD>
|
|
|
|
If enabled, the
|
|
<B>IP_TOS</B>
|
|
|
|
ancillary message is passed with incoming packets.
|
|
It contains a byte which specifies the Type of Service/Precedence
|
|
field of the packet header.
|
|
Expects a boolean integer flag.
|
|
<DT id="44"><B>IP_RECVTTL</B> (since Linux 2.2)
|
|
|
|
<DD>
|
|
|
|
When this flag is set, pass a
|
|
<B>IP_TTL</B>
|
|
|
|
control message with the time-to-live
|
|
field of the received packet as a 32 bit integer.
|
|
Not supported for
|
|
<B>SOCK_STREAM</B>
|
|
|
|
sockets.
|
|
<DT id="45"><B>IP_RETOPTS</B> (since Linux 2.2)
|
|
|
|
<DD>
|
|
|
|
Identical to
|
|
<B>IP_RECVOPTS</B>,
|
|
|
|
but returns raw unprocessed options with timestamp and route record
|
|
options not filled in for this hop.
|
|
<DT id="46"><B>IP_ROUTER_ALERT</B> (since Linux 2.2)
|
|
|
|
<DD>
|
|
|
|
Pass all to-be forwarded packets with the
|
|
IP Router Alert option set to this socket.
|
|
Valid only for raw sockets.
|
|
This is useful, for instance, for user-space RSVP daemons.
|
|
The tapped packets are not forwarded by the kernel; it is
|
|
the user's responsibility to send them out again.
|
|
Socket binding is ignored;
such packets are filtered only by protocol.
|
|
Expects an integer flag.
|
|
<DT id="47"><B>IP_TOS</B> (since Linux 1.0)
|
|
|
|
<DD>
|
|
Set or receive the Type-Of-Service (TOS) field that is sent
|
|
with every IP packet originating from this socket.
|
|
It is used to prioritize packets on the network.
|
|
TOS is a byte.
|
|
There are some standard TOS flags defined:
|
|
<B>IPTOS_LOWDELAY</B>
|
|
|
|
to minimize delays for interactive traffic,
|
|
<B>IPTOS_THROUGHPUT</B>
|
|
|
|
to optimize throughput,
|
|
<B>IPTOS_RELIABILITY</B>
|
|
|
|
to optimize for reliability,
|
|
<B>IPTOS_MINCOST</B>
|
|
|
|
should be used for "filler data" where slow transmission doesn't matter.
|
|
At most one of these TOS values can be specified.
|
|
Other bits are invalid and shall be cleared.
|
|
Linux sends
|
|
<B>IPTOS_LOWDELAY</B>
|
|
|
|
datagrams first by default,
|
|
but the exact behavior depends on the configured queueing discipline.
|
|
|
|
Some high-priority levels may require superuser privileges (the
|
|
<B>CAP_NET_ADMIN</B>
|
|
|
|
capability).
|
|
<DT id="48"><B>IP_TRANSPARENT</B> (since Linux 2.6.24)
|
|
|
|
<DD>
|
|
Setting this boolean option enables transparent proxying on this socket.
|
|
This socket option allows
|
|
the calling application to bind to a nonlocal IP address and operate
|
|
both as a client and a server with the foreign address as the local endpoint.
|
|
NOTE: this requires that routing be set up in a way that
|
|
packets going to the foreign address are routed through the TProxy box
|
|
(i.e., the system hosting the application that employs the
|
|
<B>IP_TRANSPARENT</B>
|
|
|
|
socket option).
|
|
Enabling this socket option requires superuser privileges
|
|
(the
|
|
<B>CAP_NET_ADMIN</B>
|
|
|
|
capability).
|
|
<DT id="49"><DD>
|
|
TProxy redirection with the iptables TPROXY target also requires that
|
|
this option be set on the redirected socket.
|
|
<DT id="50"><B>IP_TTL</B> (since Linux 1.0)
|
|
|
|
<DD>
|
|
Set or retrieve the current time-to-live field that is used in every packet
|
|
sent from this socket.
|
|
<DT id="51"><B>IP_UNBLOCK_SOURCE</B> (since Linux 2.4.22 / 2.5.68)
|
|
|
|
<DD>
|
|
Unblock previously blocked multicast source.
|
|
Returns
|
|
<B>EADDRNOTAVAIL</B>
|
|
|
|
when given source is not being blocked.
|
|
<DT id="52"><DD>
|
|
Argument is an
|
|
<I>ip_mreq_source</I>
|
|
|
|
structure as described under
|
|
<B>IP_ADD_SOURCE_MEMBERSHIP</B>.
|
|
|
|
</DL>
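<P>
The following C program is an added example, not part of the man page. It applies the IP_TOS rule stated above (at most one standard flag, all other bits cleared), reads IP_TTL back, and shows that IP_TRANSPARENT is refused for a process that lacks CAP_NET_ADMIN. The helper names tos_is_valid, apply_tos and try_transparent are this example's own.

```c
#include <errno.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Page rule: at most one standard TOS flag, every other bit cleared. */
int tos_is_valid(int tos)
{
    return tos == 0 || tos == IPTOS_LOWDELAY || tos == IPTOS_THROUGHPUT ||
           tos == IPTOS_RELIABILITY || tos == IPTOS_MINCOST;
}

/* Validate, set IP_TOS, then read it back. Returns the kernel's value or -1. */
int apply_tos(int fd, int tos)
{
    int got = 0;
    socklen_t len = sizeof got;
    if (!tos_is_valid(tos)) { errno = EINVAL; return -1; }
    if (setsockopt(fd, IPPROTO_IP, IP_TOS, &tos, sizeof tos) < 0 ||
        getsockopt(fd, IPPROTO_IP, IP_TOS, &got, &len) < 0)
        return -1;
    return got;
}

/* Try to enable IP_TRANSPARENT. Returns 0 on success, otherwise errno. */
int try_transparent(int fd)
{
    int on = 1;
    return setsockopt(fd, IPPROTO_IP, IP_TRANSPARENT, &on, sizeof on) < 0 ? errno : 0;
}

int main(void)
{
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) { perror("socket"); return 1; }
    int ttl = 0;
    socklen_t len = sizeof ttl;
    getsockopt(fd, IPPROTO_IP, IP_TTL, &ttl, &len);
    printf("IP_TTL currently used by this socket: %d\n", ttl);
    printf("IP_TOS after requesting IPTOS_LOWDELAY: 0x%02x\n",
           apply_tos(fd, IPTOS_LOWDELAY));
    int err = try_transparent(fd);
    printf("IP_TRANSPARENT: %s\n", err ? strerror(err) : "enabled");
    close(fd);
    return 0;
}
```

The example uses the IPPROTO_IP level rather than SOL_IP so that the same calls compile on BSD-based stacks.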
|
|
<A NAME="lbAG"> </A>
|
|
<H3>/proc interfaces</H3>
|
|
|
|
The IP protocol
|
|
supports a set of
|
|
<I>/proc</I>
|
|
|
|
interfaces to configure some global parameters.
|
|
The parameters can be accessed by reading or writing files in the directory
|
|
<I>/proc/sys/net/ipv4/</I>.
Interfaces described as
|
|
<I>Boolean</I>
|
|
|
|
take an integer value, with a nonzero value ("true") meaning that
|
|
the corresponding option is enabled, and a zero value ("false")
|
|
meaning that the option is disabled.
|
|
|
|
<DL COMPACT>
|
|
<DT id="53"><I>ip_always_defrag</I> (Boolean; since Linux 2.2.13)
|
|
|
|
<DD>
|
|
[New with kernel 2.2.13; in earlier kernel versions this feature
|
|
was controlled at compile time by the
|
|
<B>CONFIG_IP_ALWAYS_DEFRAG</B>
|
|
|
|
option; this option is not present in 2.4.x and later]
|
|
<DT id="54"><DD>
|
|
When this boolean flag is enabled (not equal to 0), incoming fragments
|
|
(parts of IP packets
|
|
that arose when some host between origin and destination decided
|
|
that the packets were too large and cut them into pieces) will be
|
|
reassembled (defragmented) before being processed, even if they are
|
|
about to be forwarded.
|
|
<DT id="55"><DD>
|
|
Enable only if running either a firewall that is the sole link
|
|
to your network or a transparent proxy; never ever use it for a
|
|
normal router or host.
|
|
Otherwise, fragmented communication can be disturbed
|
|
if the fragments travel over different links.
|
|
Defragmentation also has a large memory and CPU time cost.
|
|
<DT id="56"><DD>
|
|
This is automagically turned on when masquerading or transparent
|
|
proxying are configured.
|
|
|
|
<DT id="57"><I>ip_autoconfig</I> (since Linux 2.2 to 2.6.17)
|
|
|
|
<DD>
|
|
|
|
|
|
Not documented.
|
|
|
|
<DT id="58"><I>ip_default_ttl</I> (integer; default: 64; since Linux 2.2)
|
|
|
|
<DD>
|
|
|
|
Set the default time-to-live value of outgoing packets.
|
|
This can be changed per socket with the
|
|
<B>IP_TTL</B>
|
|
|
|
option.
|
|
|
|
<DT id="59"><I>ip_dynaddr</I> (Boolean; default: disabled; since Linux 2.0.31)
|
|
|
|
<DD>
|
|
Enable dynamic socket address and masquerading entry rewriting on interface
address change.
This is useful for dialup interfaces with changing IP addresses.
0 means no rewriting, 1 turns it on and 2 enables verbose mode.
|
|
|
|
<DT id="60"><I>ip_forward</I> (Boolean; default: disabled; since Linux 1.2)
|
|
|
|
<DD>
|
|
Enable IP forwarding with a boolean flag.
IP forwarding can also be set on a per-interface basis.
|
|
|
|
<DT id="61"><I>ip_local_port_range</I> (since Linux 2.2)
|
|
|
|
<DD>
|
|
|
|
This file contains two integers that define the default local port range
allocated to sockets that are not explicitly bound to a port number; that
is, the range used for
<I>ephemeral ports</I>.
|
|
|
|
An ephemeral port is allocated to a socket in the following circumstances:
|
|
<DL COMPACT><DT id="62"><DD>
|
|
<DL COMPACT>
|
|
<DT id="63">*<DD>
|
|
the port number in a socket address is specified as 0 when calling
|
|
<B><A HREF="/cgi-bin/man/man2html?2+bind">bind</A></B>(2);
|
|
|
|
<DT id="64">*<DD>
|
|
<B><A HREF="/cgi-bin/man/man2html?2+listen">listen</A></B>(2)
|
|
|
|
is called on a stream socket that was not previously bound;
|
|
<DT id="65">*<DD>
|
|
<B><A HREF="/cgi-bin/man/man2html?2+connect">connect</A></B>(2)
|
|
|
|
is called on a socket that was not previously bound;
|
|
<DT id="66">*<DD>
|
|
<B><A HREF="/cgi-bin/man/man2html?2+sendto">sendto</A></B>(2)
|
|
|
|
is called on a datagram socket that was not previously bound.
|
|
</DL>
|
|
</DL>
|
|
|
|
<DT id="67"><DD>
|
|
Allocation of ephemeral ports starts with the first number in
|
|
<I>ip_local_port_range</I>
|
|
|
|
and ends with the second number.
|
|
If the range of ephemeral ports is exhausted,
|
|
then the relevant system call returns an error (but see BUGS).
|
|
<DT id="68"><DD>
|
|
Note that the port range in
|
|
<I>ip_local_port_range</I>
|
|
|
|
should not conflict with the ports used by masquerading
|
|
(although the case is handled).
|
|
Also, arbitrary choices may cause problems with some firewall packet
|
|
filters that make assumptions about the local ports in use.
|
|
The first number should be greater than 1024,
or better, greater than 4096, to avoid clashes
with well-known ports and to minimize firewall problems.
|
|
|
|
<DT id="69"><I>ip_no_pmtu_disc</I> (Boolean; default: disabled; since Linux 2.2)
|
|
|
|
<DD>
|
|
|
|
If enabled, don't do Path MTU Discovery for TCP sockets by default.
|
|
Path MTU discovery may fail if misconfigured firewalls (that drop
all ICMP packets) or misconfigured interfaces (e.g., a point-to-point
link where both ends don't agree on the MTU) are on the path.
|
|
It is better to fix the broken routers on the path than to turn off
|
|
Path MTU Discovery globally, because not doing it incurs a high cost
|
|
to the network.
|
|
|
|
|
|
<DT id="70"><I>ip_nonlocal_bind</I> (Boolean; default: disabled; since Linux 2.4)
|
|
|
|
<DD>
|
|
|
|
If set, allows processes to
|
|
<B><A HREF="/cgi-bin/man/man2html?2+bind">bind</A></B>(2)
|
|
|
|
to nonlocal IP addresses,
|
|
which can be quite useful, but may break some applications.
|
|
|
|
|
|
<DT id="71"><I>ip6frag_time</I> (integer; default: 30)
|
|
|
|
<DD>
|
|
Time in seconds to keep an IPv6 fragment in memory.
|
|
|
|
|
|
<DT id="72"><I>ip6frag_secret_interval</I> (integer; default: 600)
|
|
|
|
<DD>
|
|
Regeneration interval (in seconds) of the hash secret (or lifetime
|
|
for the hash secret) for IPv6 fragments.
|
|
<DT id="73"><I>ipfrag_high_thresh</I> (integer), <I>ipfrag_low_thresh</I> (integer)
|
|
|
|
<DD>
|
|
If the amount of queued IP fragments reaches
|
|
<I>ipfrag_high_thresh</I>,
|
|
|
|
the queue is pruned down to
|
|
<I>ipfrag_low_thresh</I>.
|
|
|
|
Contains an integer with the number of bytes.
|
|
<DT id="74"><I>neigh/*</I>
|
|
|
|
<DD>
|
|
See
|
|
<B><A HREF="/cgi-bin/man/man2html?7+arp">arp</A></B>(7).
|
|
|
|
|
|
|
|
|
|
</DL>
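<P>
The following C program is an added example, not part of the man page. It reads several of the interfaces described above from /proc/sys/net/ipv4/, reports any Boolean that differs from the "disabled" default this page documents, and checks the first number of ip_local_port_range against the greater-than-1024 and greater-than-4096 advice. The function and enum names are this example's own.

```c
#include <stdio.h>

enum { RANGE_OK, RANGE_NOT_ABOVE_4096, RANGE_NOT_ABOVE_1024, RANGE_MALFORMED };

/* Classify ip_local_port_range: first number > 1024, or better, > 4096. */
int check_port_range(const char *text, int *lo, int *hi)
{
    char tail;
    if (sscanf(text, "%d %d %c", lo, hi, &tail) != 2 ||
        *lo < 1 || *hi > 65535 || *lo > *hi)
        return RANGE_MALFORMED;
    if (*lo <= 1024) return RANGE_NOT_ABOVE_1024;
    if (*lo <= 4096) return RANGE_NOT_ABOVE_4096;
    return RANGE_OK;
}

/* Boolean interface: nonzero means enabled. Returns 1, 0, or -1 if unparsable. */
int parse_boolean(const char *text)
{
    int v; char tail;
    if (sscanf(text, "%d %c", &v, &tail) != 1) return -1;
    return v != 0;
}

/* Read one file under /proc/sys/net/ipv4/ into buf; returns 0 on success. */
static int read_param(const char *name, char *buf, size_t len)
{
    char path[128];
    snprintf(path, sizeof path, "/proc/sys/net/ipv4/%s", name);
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    size_t n = fread(buf, 1, len - 1, f);
    fclose(f);
    buf[n] = '\0';
    return 0;
}

int main(void)
{
    /* Booleans this page documents as "default: disabled". */
    const char *off_by_default[] = { "ip_forward", "ip_nonlocal_bind",
                                     "ip_no_pmtu_disc", "ip_dynaddr" };
    char buf[64];
    int lo, hi;
    for (int i = 0; i < 4; i++) {
        if (read_param(off_by_default[i], buf, sizeof buf) != 0) continue;
        int b = parse_boolean(buf);
        printf("%-16s %s\n", off_by_default[i],
               b == 1 ? "ENABLED (differs from default)" : b == 0 ? "disabled" : "unparsable");
    }
    if (read_param("ip_local_port_range", buf, sizeof buf) == 0)
        printf("ip_local_port_range finding=%d\n", check_port_range(buf, &lo, &hi));
    return 0;
}
```

Because a Boolean interface treats any nonzero value as true, an ip_dynaddr value of 2 (verbose mode) is also reported as enabled.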
|
|
<A NAME="lbAH"> </A>
|
|
<H3>Ioctls</H3>
|
|
|
|
All ioctls described in
|
|
<B><A HREF="/cgi-bin/man/man2html?7+socket">socket</A></B>(7)
|
|
|
|
apply to
|
|
<B>ip</B>.
|
<P>
|
|
|
|
Ioctls to configure generic device parameters are described in
|
|
<B><A HREF="/cgi-bin/man/man2html?7+netdevice">netdevice</A></B>(7).
|
|
|
|
|
|
<A NAME="lbAI"> </A>
|
|
<H2>ERRORS</H2>
|
<DL COMPACT>
|
|
<DT id="75"><B>EACCES</B>
|
|
|
|
<DD>
|
|
The user tried to execute an operation without the necessary permissions.
|
|
These include:
|
|
sending a packet to a broadcast address without having the
|
|
<B>SO_BROADCAST</B>
|
|
|
|
flag set;
|
|
sending a packet via a
|
|
<I>prohibit</I>
|
|
|
|
route;
|
|
modifying firewall settings without superuser privileges (the
|
|
<B>CAP_NET_ADMIN</B>
|
|
|
|
capability);
|
|
binding to a privileged port without superuser privileges (the
|
|
<B>CAP_NET_BIND_SERVICE</B>
|
|
|
|
capability).
|
|
<DT id="76"><B>EADDRINUSE</B>
|
|
|
|
<DD>
|
|
Tried to bind to an address already in use.
|
|
<DT id="77"><B>EADDRNOTAVAIL</B>
|
|
|
|
<DD>
|
|
A nonexistent interface was requested or the requested source
|
|
address was not local.
|
|
<DT id="78"><B>EAGAIN</B>
|
|
|
|
<DD>
|
|
Operation on a nonblocking socket would block.
|
|
<DT id="79"><B>EALREADY</B>
|
|
|
|
<DD>
|
|
A connection operation on a nonblocking socket is already in progress.
|
|
<DT id="80"><B>ECONNABORTED</B>
|
|
|
|
<DD>
|
|
A connection was closed during an
|
|
<B><A HREF="/cgi-bin/man/man2html?2+accept">accept</A></B>(2).
|
|
|
|
<DT id="81"><B>EHOSTUNREACH</B>
|
|
|
|
<DD>
|
|
No valid routing table entry matches the destination address.
|
|
This error can be caused by an ICMP message from a remote router or
by the local routing table.
|
|
<DT id="82"><B>EINVAL</B>
|
|
|
|
<DD>
|
|
Invalid argument passed.
|
|
For send operations this can be caused by sending to a
|
|
<I>blackhole</I>
|
|
|
|
route.
|
|
<DT id="83"><B>EISCONN</B>
|
|
|
|
<DD>
|
|
<B><A HREF="/cgi-bin/man/man2html?2+connect">connect</A></B>(2)
|
|
|
|
was called on an already connected socket.
|
|
<DT id="84"><B>EMSGSIZE</B>
|
|
|
|
<DD>
|
|
Datagram is bigger than an MTU on the path and it cannot be fragmented.
|
|
<DT id="85"><B>ENOBUFS</B>, <B>ENOMEM</B>
|
|
|
|
<DD>
|
|
Not enough free memory.
|
|
This often means that the memory allocation is limited by the socket
|
|
buffer limits, not by the system memory, but this is not 100% consistent.
|
|
<DT id="86"><B>ENOENT</B>
|
|
|
|
<DD>
|
|
<B>SIOCGSTAMP</B>
|
|
|
|
was called on a socket where no packet arrived.
|
|
<DT id="87"><B>ENOPKG</B>
|
|
|
|
<DD>
|
|
A kernel subsystem was not configured.
|
|
<DT id="88"><B>ENOPROTOOPT</B> and <B>EOPNOTSUPP</B>
|
|
|
|
<DD>
|
|
Invalid socket option passed.
|
|
<DT id="89"><B>ENOTCONN</B>
|
|
|
|
<DD>
|
|
The operation is defined only on a connected socket, but the socket wasn't
|
|
connected.
|
|
<DT id="90"><B>EPERM</B>
|
|
|
|
<DD>
|
|
User doesn't have permission to set high priority, change configuration,
|
|
or send signals to the requested process or group.
|
|
<DT id="91"><B>EPIPE</B>
|
|
|
|
<DD>
|
|
The connection was unexpectedly closed or shut down by the other end.
|
|
<DT id="92"><B>ESOCKTNOSUPPORT</B>
|
|
|
|
<DD>
|
|
The socket is not configured or an unknown socket type was requested.
|
|
</DL>
|
|
<P>
|
|
|
|
Other errors may be generated by the overlaying protocols; see
|
|
<B><A HREF="/cgi-bin/man/man2html?7+tcp">tcp</A></B>(7),
|
|
|
|
<B><A HREF="/cgi-bin/man/man2html?7+raw">raw</A></B>(7),
|
|
|
|
<B><A HREF="/cgi-bin/man/man2html?7+udp">udp</A></B>(7),
|
|
|
|
and
|
|
<B><A HREF="/cgi-bin/man/man2html?7+socket">socket</A></B>(7).
|
|
|
|
<A NAME="lbAJ"> </A>
|
|
<H2>NOTES</H2>
|
|
|
|
<B>IP_FREEBIND</B>,
|
|
|
|
<B>IP_MSFILTER</B>,
|
|
|
|
<B>IP_MTU</B>,
|
|
|
|
<B>IP_MTU_DISCOVER</B>,
|
|
|
|
<B>IP_RECVORIGDSTADDR</B>,
|
|
|
|
<B>IP_PKTINFO</B>,
|
|
|
|
<B>IP_RECVERR</B>,
|
|
|
|
<B>IP_ROUTER_ALERT</B>,
|
|
|
|
and
|
|
<B>IP_TRANSPARENT</B>
|
|
|
|
are Linux-specific.
<P>
|
|
|
|
Be very careful with the
|
|
<B>SO_BROADCAST</B>
|
|
|
|
option - it is not privileged in Linux.
|
|
It is easy to overload the network
|
|
with careless broadcasts.
|
|
For new application protocols
|
|
it is better to use a multicast group instead of broadcasting.
|
|
Broadcasting is discouraged.
|
|
<P>
|
|
|
|
Some other BSD sockets implementations provide
|
|
<B>IP_RCVDSTADDR</B>
|
|
|
|
and
|
|
<B>IP_RECVIF</B>
|
|
|
|
socket options to get the destination address and the interface of
|
|
received datagrams.
|
|
Linux has the more general
|
|
<B>IP_PKTINFO</B>
|
|
|
|
for the same task.
|
|
<P>
|
|
|
|
Some BSD sockets implementations also provide an
|
|
<B>IP_RECVTTL</B>
|
|
|
|
option, but an ancillary message with type
|
|
<B>IP_RECVTTL</B>
|
|
|
|
is passed with the incoming packet.
|
|
This is different from the
|
|
<B>IP_TTL</B>
|
|
|
|
option used in Linux.
|
|
<P>
|
|
|
|
Using the
|
|
<B>SOL_IP</B>
|
|
|
|
socket options level isn't portable; BSD-based stacks use the
|
|
<B>IPPROTO_IP</B>
|
|
|
|
level.
|
|
<P>
|
|
|
|
<B>INADDR_ANY</B>
|
|
|
|
(0.0.0.0) and
|
|
<B>INADDR_BROADCAST</B>
|
|
|
|
(255.255.255.255) are byte-order-neutral.
|
|
<BR> This means
|
|
<B><A HREF="/cgi-bin/man/man2html?3+htonl">htonl</A></B>(3)
|
|
|
|
has no effect on them.
|
|
<A NAME="lbAK"> </A>
|
|
<H3>Compatibility</H3>
|
|
|
|
For compatibility with Linux 2.0, the obsolete
|
|
<B>socket(AF_INET, SOCK_PACKET, </B><I>protocol</I><B>)</B>
|
|
|
|
syntax is still supported to open a
|
|
<B><A HREF="/cgi-bin/man/man2html?7+packet">packet</A></B>(7)
|
|
|
|
socket.
|
|
This is deprecated and should be replaced by
|
|
<B>socket(AF_PACKET, SOCK_RAW, </B><I>protocol</I><B>)</B>
|
|
|
|
instead.
|
|
The main difference is the new
|
|
<I>sockaddr_ll</I>
|
|
|
|
address structure for generic link layer information instead of the old
|
|
<B>sockaddr_pkt</B>.
|
|
|
|
<A NAME="lbAL"> </A>
|
|
<H2>BUGS</H2>
|
|
|
|
There are too many inconsistent error values.
|
|
<P>
|
|
|
|
The error used to diagnose exhaustion of the ephemeral port range differs
|
|
across the various system calls
|
|
(<B><A HREF="/cgi-bin/man/man2html?2+connect">connect</A></B>(2),
|
|
|
|
<B><A HREF="/cgi-bin/man/man2html?2+bind">bind</A></B>(2),
|
|
|
|
<B><A HREF="/cgi-bin/man/man2html?2+listen">listen</A></B>(2),
|
|
|
|
<B><A HREF="/cgi-bin/man/man2html?2+sendto">sendto</A></B>(2))
|
|
|
|
that can assign ephemeral ports.
|
|
<P>
|
|
|
|
The ioctls to configure IP-specific interface options and ARP tables are
|
|
not described.
<P>
|
|
|
|
Receiving the original destination address with
|
|
<B>MSG_ERRQUEUE</B>
|
|
|
|
in
|
|
<I>msg_name</I>
|
|
|
|
by
|
|
<B><A HREF="/cgi-bin/man/man2html?2+recvmsg">recvmsg</A></B>(2)
|
|
|
|
does not work in some 2.2 kernels.
|
|
|
|
|
|
<A NAME="lbAM"> </A>
|
|
<H2>SEE ALSO</H2>
|
|
|
|
<B><A HREF="/cgi-bin/man/man2html?2+recvmsg">recvmsg</A></B>(2),
|
|
|
|
<B><A HREF="/cgi-bin/man/man2html?2+sendmsg">sendmsg</A></B>(2),
|
|
|
|
<B><A HREF="/cgi-bin/man/man2html?3+byteorder">byteorder</A></B>(3),
|
|
|
|
<B><A HREF="/cgi-bin/man/man2html?4+ipfw">ipfw</A></B>(4),
|
|
|
|
<B><A HREF="/cgi-bin/man/man2html?7+capabilities">capabilities</A></B>(7),
|
|
|
|
<B><A HREF="/cgi-bin/man/man2html?7+icmp">icmp</A></B>(7),
|
|
|
|
<B><A HREF="/cgi-bin/man/man2html?7+ipv6">ipv6</A></B>(7),
|
|
|
|
<B><A HREF="/cgi-bin/man/man2html?7+netlink">netlink</A></B>(7),
|
|
|
|
<B><A HREF="/cgi-bin/man/man2html?7+raw">raw</A></B>(7),
|
|
|
|
<B><A HREF="/cgi-bin/man/man2html?7+socket">socket</A></B>(7),
|
|
|
|
<B><A HREF="/cgi-bin/man/man2html?7+tcp">tcp</A></B>(7),
|
|
|
|
<B><A HREF="/cgi-bin/man/man2html?7+udp">udp</A></B>(7),
|
|
|
|
<B><A HREF="/cgi-bin/man/man2html?8+ip">ip</A></B>(8)
|
|
|
|
<P>
|
|
|
|
RFC 791 for the original IP specification.
|
|
RFC 1122 for the IPv4 host requirements.
|
|
RFC 1812 for the IPv4 router requirements.
|
|
<A NAME="lbAN"> </A>
|
|
<H2>COLOPHON</H2>
|
|
|
|
This page is part of release 5.05 of the Linux
|
|
<I>man-pages</I>
|
|
|
|
project.
|
|
A description of the project,
|
|
information about reporting bugs,
|
|
and the latest version of this page,
|
|
can be found at
|
|
<A HREF="https://www.kernel.org/doc/man-pages/">https://www.kernel.org/doc/man-pages/</A>.
|
|
<P>
|
|
|
|
<HR>
|
|
<A NAME="index"> </A><H2>Index</H2>
|
|
<DL>
|
|
<DT id="93"><A HREF="#lbAB">NAME</A><DD>
|
|
<DT id="94"><A HREF="#lbAC">SYNOPSIS</A><DD>
|
|
<DT id="95"><A HREF="#lbAD">DESCRIPTION</A><DD>
|
|
<DL>
|
|
<DT id="96"><A HREF="#lbAE">Address format</A><DD>
|
|
<DT id="97"><A HREF="#lbAF">Socket options</A><DD>
|
|
<DT id="98"><A HREF="#lbAG">/proc interfaces</A><DD>
|
|
<DT id="99"><A HREF="#lbAH">Ioctls</A><DD>
|
|
</DL>
|
|
<DT id="100"><A HREF="#lbAI">ERRORS</A><DD>
|
|
<DT id="101"><A HREF="#lbAJ">NOTES</A><DD>
|
|
<DL>
|
|
<DT id="102"><A HREF="#lbAK">Compatibility</A><DD>
|
|
</DL>
|
|
<DT id="103"><A HREF="#lbAL">BUGS</A><DD>
|
|
<DT id="104"><A HREF="#lbAM">SEE ALSO</A><DD>
|
|
<DT id="105"><A HREF="#lbAN">COLOPHON</A><DD>
|
|
</DL>
|
|
<HR>
|
|
This document was created by
|
|
<A HREF="/cgi-bin/man/man2html">man2html</A>,
|
|
using the manual pages.<BR>
|
|
Time: 00:06:08 GMT, March 31, 2021
|
|
</BODY>
|
|
</HTML>
|